14.01.2003



FIELD OF THE INVENTION 

The invention relates to a method, and a corresponding terminal, of detecting a
presence of a circuit extending/tampering arrangement.

BACKGROUND OF THE INVENTION

Smart cards are commonly used in a wide range of applications for the
purpose of authority check, payment, satellite TV, data storage, etc. As an example the health
insurance and banking industries use smart cards extensively. A smart card usually resembles
a credit card in size and shape, but typically contains an embedded microprocessor inside. A
terminal with a card reader communicates with the microprocessor which controls access to
the data on the card. Smart cards may e.g. be used with a smart card reader attached to or
located in a personal computer to authenticate a user, etc. Smart card readers can also be
found in mobile phones for SIM reading and vending machines.

For a private and/or in-home terminal with a smart card reading capability,
such as a set top box (STB), integrated digital television (IDTV), Digital TVs, home
gateways, access systems, GSMs, Internet audio sets, car systems, etc. the possibilities to spy
on the electronic communication between a smart card and/or a secure access card and the
terminal are much greater than in a public automated teller machine (ATM) or similar
semi-public/public terminals e.g. used for/in connection with e-commerce. This enables attack on
the smart card that is not possible with conventional smart card applications in public and/or
semi-public terminals, due to the operation in a private sphere.

A financial and service industry consortium Finread in Europe is attempting to
standardize a form of e-commerce terminals used in public ATM and personal computers
(PCs), and also for future STBs, IDTV and similar home terminals. Up until now, the
consortium has focused on expensive tamper detection and tamper resistant constructions for
those e-commerce terminals. Embedded Finread is a part of the Finread consortium
examining the issues of low-cost terminals for e-commerce such as IDTV, Java terminals and
STBs. The cost of tamper resistant and other counter measures normally adopted for
»*™«d32.Wtproc««,,earisa,e,«edftrfluspu:p<«e. «™«<=««l ^'cany.

A Java smart card is a smart card with a Java Virtual Machine (JVM) that
•ltow»«plicatioDs*>erterand«side<M.thecariIi,fti, (JVM) that 

15 ^eptowanismulti-a^uc^ionsmartcal 

As mentioned traditional smart card« nniw 

«^^«»ca^iii..„™„^.^_r:™rr:^ 

•be smsncartp^ecdoneapabitty .hat allows thesmaflc«d>.a.«riy,„perita^ 
also to mc^itoHtsclf and fl„p^e»e»f an a*,!^^ "^ 

A device tj^caUy designated a sulMaminal is s device which i„„i ^ 
fea.u«sofa.enninaI,i.e.nserinprt.displ» stea«,am.. " 7"=* 

<.ateoadcastchannel,butnotan nTaL^ 

STB or r<!Vf . «. ButDOt aa-Ttos a lannmalis complex, and exainples ate e.g IDTV 

STB ««i/or a TV iTc^H ^ , ^ toplemented in a 

"d/or aTV. conditional access modute is a DVB based tenn d«ived ihnn the 
Common Ihterftce concept for DVB temnnals. veaBomae 

Most system can be attacked successflillv bv a .!.rifir.wi 
aesi.a.le.oenable.rit::^^'^'^^^ 
A fake terminal can be used to gain access to an unwary user's pin-code or
other application information of the card, which is hard to defend against, and would require
other protection/detection schemes than provided by the present invention.

However, a typical security attack on genuine terminals/sub-terminals is the
insertion of circuit extending equipment like an extender, sampling circuit(s), emulation
circuit(s), etc. in the electrical signal path(s) between a terminal and a smart card, where the
circuit extending equipment is coupled both to the smart card to be observed and to any
electrical equipment which is used to spy on the communication between the card and the
terminal.



OBJECT AND SUMMARY OF THE INVENTION

It is an object of the invention to provide a method (and corresponding
terminal) of detecting a presence of a circuit extending/tampering arrangement, where the
method (and system) provides detection and/or protection against inserted fraud equipment.
A further object is to provide this in an inexpensive way. Yet a further object is to enable this
using a minimum of electrical measurements.

This is achieved by a method of detecting a presence of a circuit extending
arrangement inserted between a physical interface, connected to a terminal, and a smart card,
the physical interface being adapted to receive the smart card, the method comprising the
steps of:

• measuring at least one electrical characteristic of the physical interface, and

• determining whether a circuit extending arrangement, changing at least one
characteristic of said physical interface, is coupled to said physical interface on the
basis of said measurement.

In this way, detection of a circuit extending arrangement is provided.

In one embodiment, the step of measuring comprises:

• measuring a first current provided from said terminal to said smart card via said
physical interface,

• measuring a second current returned from said smart card to said terminal,

and in that said method further comprises the step of

• comparing whether said first and said second current is substantially equal, and if
not determining that a circuit extending arrangement is present.

Hereby, a very simple and reliable way of detecting a circuit extending
arrangement is obtained.
smart card via said physical interface,

• a second measure circuit measuring a second current returned from said smart card to
said terminal,

and the terminal further comprises

• a comparator connected to said first and second measure circuit and adapted to
compare whether said first and said second current is substantially equal, and if
not generating a signal representing that a circuit extending arrangement is
present.

In an alternative embodiment, the terminal further comprises a comparator for
comparing said measured at least one electrical characteristic with at least one electrical
characteristics as calibrated during manufacture.

In one embodiment, the physical interface has been calibrated to create at least
one viable, but non-stable, electrical property at the physical level, the at least one property
allowing normal transaction with said smart card, but causing the interface to fail if a circuit
extending arrangement is coupled to said physical interface.

In one embodiment, the at least one non-stable electrical property relates to
current and/or voltage characteristics of said physical interface.

In one embodiment, the terminal further comprises:

• means for regulating the use of the smart card on the basis of said signal from said
comparator.

Further, the invention also relates to a computer readable medium having
stored thereon instructions for causing one or more processing units to execute the method
according to the present invention.

BRIEF DESCRIPTION OF THE DRAWINGS 

Figure 1 schematically illustrates a smart card; 

Figure 2 illustrates a smart card and a prior art terminal; 

Figure 3 illustrates an example of an un-tampered circuit according to the 
present invention; 

Figure 4 illustrates an example of a tampered circuit according to the present
invention.

DESCRIPTION OF PREFERRED EMBODIMENTS

Figure 1 schematically illustrates a typical smart card. Shown is a security
card/a smart card (100) that is well known in the prior art. Typically the card (100) has the
form of standard size credit card, although the form, layout, size, etc. may vary. The card
(100) typically comprises embedded memory, a processor/controller and input/output (I/O)
used for communication with an appropriate card reader/(sub-)terminal (not shown) via a

monitoring/detection circuit (114), preferably integrated in/embedded into an IC (110),
constituting the functionality of the terminal (101), and connected to the main processor
(105) and the physical smart card interface (115).

Interface pins or other connections of the IC (110) are then directly coupled to
the mechanical interface (115) that couples to the smart card (100). In this way, the IC (110)
may be equipped with additional functionality allowing for electrical measurements of the
physical/mechanical interface (115) to be made in order to detect tampering with the
interface (115) which could allow for spying on the communication via the interface (115).

In the shown embodiment, the terminal (101) comprises a monitoring process
done by the monitoring/detection circuit (114) that monitors and compares certain electrical
characteristics of the physical interface (115), as explained in greater detail in the following.

As mentioned, a smart card (100) is an electrical circuit without internal power
source(s) where a terminal (101) supplies the energy, i.e. the currents in the smart card (100).
This means that the sum of all DC and AC currents supplied to the card (Isc) must be
returned to the source, i.e. the smart card interface/controller (113) in the IC (110) in the
terminal (101). If there is a leakage of current (either DC and/or AC) from the source that is
not returned back to the source then either interference and/or tampering must be present.
Such tampering may e.g. be a monitoring/spy circuit, an extender, etc. with powered
sensors/amplifiers. The monitoring/detection circuit (114) according to the present invention
is able to sense either the AC or DC loss of current to return paths, i.e. sources, other than the
terminal itself.

In the embodiment shown in Figure 2, the monitoring/detection circuit (114)
more specifically comprises a first current monitor (102a) coupled to a VDD connection (e.g.
the power pin (10) in Figure 1) and measuring/monitoring the current (denoted Idd) and a
second current monitor (102b) coupled to a VSS connection (e.g. the ground pin (11) in
Figure 1) and measuring/monitoring the current (denoted Iss). The first and second current
monitors (102a, 102b) are both connected to a comparator circuit (103) that compares Idd and
Iss in order to determine if they are (substantially) equal or different (at all or by a factor
greater than a predetermined factor), i.e. if Iss (substantially) = Idd or not. If they are equal, it
signifies that the current introduced to the smart card (100) from the terminal (100) is
returned again, signifying that no tampering circuit has been inserted. If the currents are
different (e.g. by more than a margin taking into account normal interference), it signifies
that a spy circuit, tampering circuit, extending arrangement, etc. has been inserted.

The transaction, the access, etc. relating to the card would then be terminated and/or carefully
monitored by the execution/issuing authority.

Figure 4 illustrates an example of a tampered circuit according to the present
invention. Shown is the arrangement shown in Figure 3 but with an extender (111) inserted
and coupled to a spy/monitoring circuit (112). As the inserted extender (111) and/or spy
circuit (112) introduces a 'leakage' of current, then Iss will be different from Idd, i.e. all the
current supplied by the terminal is not received back, which will be detected by the
comparator (103) and signaled by the controller (104) to the main processor (105). In this
way, attempts at spying, tampering, etc. are readily detected by simple means.
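
The Idd/Iss comparison described above can also be carried out in terminal firmware on sampled readings from the two current monitors. The following C code is an added example, not part of the patent text; the microamp units, the 2 % / 50 uA margin, the three-sample persistence rule and both sample traces are assumptions constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdlib.h>

/* Assumed tolerances (not from the patent text): the "margin taking into
 * account normal interference" is modelled as max(2 % of Idd, 50 uA), and a
 * mismatch must persist for 3 consecutive samples before it is reported. */
#define REL_MARGIN_PPM 20000
#define ABS_MARGIN_UA  50
#define DEBOUNCE_N     3

typedef struct { int32_t idd_ua; int32_t iss_ua; } sample_t; /* microamps */

/* Comparator (103): is Iss substantially equal to Idd? */
static int substantially_equal(int32_t idd_ua, int32_t iss_ua)
{
    int64_t diff   = llabs((int64_t)idd_ua - (int64_t)iss_ua);
    int64_t margin = llabs((int64_t)idd_ua) * REL_MARGIN_PPM / 1000000;
    if (margin < ABS_MARGIN_UA) margin = ABS_MARGIN_UA;
    return diff <= margin;
}

/* Returns the index of the sample at which leakage is declared, or -1. */
int detect_extender(const sample_t *s, size_t n)
{
    unsigned run = 0;
    for (size_t i = 0; i < n; i++) {
        if (substantially_equal(s[i].idd_ua, s[i].iss_ua))
            run = 0;                 /* isolated glitch: treat as interference */
        else if (++run >= DEBOUNCE_N)
            return (int)i;           /* persistent Idd/Iss mismatch */
    }
    return -1;
}

/* Regulating means (106): card use is allowed only while no leakage is seen. */
int card_use_allowed(const sample_t *s, size_t n)
{
    return detect_extender(s, n) < 0;
}

/* Constructed traces: one transient glitch vs. a steady 600 uA loss. */
static const sample_t CLEAN[] = {
    {10000, 9990}, {12000, 11950}, {15000, 14200}, {15000, 14980}, {11000, 10995} };
static const sample_t TAMPERED[] = {
    {10000, 9990}, {12500, 11900}, {12600, 12000}, {12400, 11800}, {12500, 11900} };

int main(void) { return (card_use_allowed(CLEAN, 5) && !card_use_allowed(TAMPERED, 5)) ? 0 : 1; }
```

The persistence rule keeps a single noisy sample from ending a transaction, while a steady difference between supplied and returned current is still reported within three samples.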



1- '^'°^°f'^«««»N;ai«seru»ofad«mtex^ 

card (100), the physical interface (115) being adapted to receive said smart card (100), the
method comprising the steps of:

• determining whether a circuit extending arrangement (111, 112), changing at least
one characteristic of said physical interface (115), is coupled to said physical interface
(115) on the basis of said measurement.

2. A method according to claim 1, characterized in that said step of measuring
comprises:

• measuring a first current provided from said terminal (101) to said smart card (100)
via said physical interface (115),

• measuring a second current returned from said smart card (100) to said terminal (101),

and in that said method further comprises the step of

• comparing whether said first and said second current is substantially equal, and if
not determining that a circuit extending arrangement (111, 112) is present.

3. A method according to claim 1, characterized in that said method further
comprises a step of:

coupled to said physical interface (115).

5. A method according to claim 4, characterized in that said at least one non-stable
electrical property relates to current and/or voltage characteristics of said physical
interface (115).


6. Method according to claims 1-5, characterized in that the method further
comprises the step of:

• regulating the use of the smart card (100) on the basis of said step of comparing.

7. A terminal for detecting a presence of a circuit extending arrangement (111,
112) inserted between a physical interface (115), connected to said terminal (101), and a
smart card (100), the physical interface (115) being adapted to receive said smart card (100),
the terminal (100) comprising a monitoring circuit (114) comprising

• means (102a, 102b) for measuring at least one electrical characteristic of the physical
interface (115), and

• means (104) for determining whether a circuit extending arrangement (111, 112),
changing at least one characteristic of said physical interface (115), is coupled to said
physical interface (115) on the basis of an output of means for measuring (102a, 102b).

8. A terminal according to claim 7, characterized in that said means for
measuring comprises:

• a first measure circuit (102a) measuring a first current provided from said terminal
(101) to said smart card (100) via said physical interface (115),

• a second measure circuit (102b) measuring a second current returned from said smart
card (100) to said terminal (101),

and in that said terminal further comprises

• a comparator (103) connected to said first and second measure circuit (102a, 102b)
and adapted to compare whether said first and said second current is substantially
equal, and if not generating a signal representing that a circuit extending arrangement
(111, 112) is present.



9. A terminal according to claim 7, characterized in that said terminal further
comprises a comparator (103) for comparing said measured at least one electrical
characteristic with at least one electrical characteristics as calibrated during manufacture.

10. A terminal according to claim 7, characterized in that said physical interface
(115) has been calibrated to create at least one viable, but non-stable, electrical property at
the physical level, the at least one property allowing normal transaction with said smart card
(100), but causing the interface to fail if a circuit extending arrangement (111, 112) is
coupled to said physical interface (115).

11. A terminal according to claim 10, characterized in that said at least one non-stable
electrical property relates to current and/or voltage characteristics of said physical
interface (115).

12. A terminal according to claims 7-11, characterized in that the terminal (101)
further comprises:

• means (106) for regulating the use of the smart card (100) on the basis of said
signal from said comparator.

13. A computer readable medium having stored thereon instructions for causing
one or more processing units to execute the method according to any one of claims 1-6.




ABSTRACT: 



This invention relates to a method (and a corresponding terminal) of detecting
a presence of a circuit extending arrangement inserted between a physical interface,
connected to a terminal, and a smart card, the physical interface being adapted to receive the
smart card, the method comprising the steps of measuring at least one electrical characteristic
of the physical interface, and determining whether a circuit extending arrangement, changing
at least one characteristic of said physical interface, is coupled to said physical interface on
the basis of said measurement.

In this way, simple and efficient detection of a tampering/spy circuit is
provided.